U.S Department of Transportation vulnerable to CSRF,SQLi and XSS

The Hacker group called as 'The Wiki Boat Brazil' has discovered three critical vulnerabilities in the official websites of U.S Department of Transportation(dot.gov).

Cross-Site Request Forgery (CSRF) is an attack that tricks the victim into loading a page that contains a malicious request to the server.

The site found to be vulnerable to Cross-site request forgery(CSRF) attack. The hackers provided us the POC for the CSRF attack. This vulnerability allows attackers CSRF to change user to admin , if admin user click the specially-crafted link .

They've also discovered SQL Injection vulnerability in the ITS Deployment Statistics sub domain of U.S. Department of Transportation (www.itsdeployment.its.dot.gov).